Loading...
Stand: 14.04.2026
With this privacy policy, we inform you about which personal data we process when you use our website, contact us, sign up for the newsletter, join a waiting list or place a booking.
The controller responsible for data processing on this website is:
GT Days
Markus Zwahr
Kerschensteiner Str. 15
82110 Germering
Deutschland
E-Mail: hello@gt-days.com
When you visit our website, technically required access data is processed. This includes in particular the IP address, date and time of access, requested URL, referrer URL, browser type and version, operating system and requesting host.
This processing is carried out to securely provide the website, analyse errors, ensure stability and prevent misuse on the basis of Art. 6(1)(f) GDPR. Recipients are our hosting and infrastructure service providers. The storage period depends on how long the data is required for secure operation and abuse prevention; afterwards the data is deleted or anonymised.
We use external infrastructure and network service providers to operate our website and API. These include in particular Vercel for website hosting, fly.io for the API infrastructure, bunny.net for the delivery and storage of certain content, and Cloudflare for DNS and technical network infrastructure. In this context, in particular the IP address, timestamps, requested content, header information and technical log data may be processed.
The legal basis is Art. 6(1)(f) GDPR. The processing is carried out to ensure the secure, fast and reliable provision of our online offering. Insofar as personal data is stored on or read from end devices in this context, this is additionally governed by Section 25(2) TDDDG. The storage period depends on technical necessity and the respective deletion or retention periods of the infrastructure used.
We store your cookie choice in your browser’s local storage so that your decision can be documented and respected on future page views. During the booking process, we also use a strictly necessary HTTP-only cookie (`gt_days_checkout`) in order to associate the cart and order status during checkout.
The legal basis for these storage operations is Section 25(2) no. 2 TDDDG. Insofar as personal data is processed in this context, the processing is based on Art. 6(1)(f) GDPR. The consent setting remains stored until you delete or reset it in your browser. The checkout cookie is deleted after 24 hours at the latest.
We use strictly necessary technologies as well as optional analytics and marketing services. Optional services are only activated after your explicit consent. The legal basis for optional cookies and similar technologies is Section 25(1) TDDDG; the legal basis for the subsequent processing of personal data is Art. 6(1)(a) GDPR.
If you consent to analytics, we use Google Tag Manager as the technical tag delivery and management platform and Google Analytics 4 for reach measurement, page view analysis and the evaluation of e-commerce events such as `view_item`, `view_item_list`, `select_item`, `add_to_cart`, `view_cart`, `begin_checkout`, `add_payment_info`, `checkout_order_submitted`, and `purchase`.
In this context, online identifiers, consent signals, information about the device and browser used, page views, interactions and transaction-related event data may be processed in particular. The recipient is in particular Google Ireland Limited. We also use Google Consent Mode v2 and transmit the signals `analytics_storage`, `ad_storage`, `ad_user_data` and `ad_personalization` according to your choice. Without consent, these signals remain set to “denied”. The storage period depends on the retention settings configured by us in the Google services.
If you consent to marketing, we use Google Ads for conversion measurement and remarketing as well as Meta Pixel for marketing and conversion purposes. This may also include conversions from contact requests, newsletter sign-ups, waiting-list registrations, and booking or purchase events. Depending on the respective tool configuration, enhanced matching features may also be used.
In this context, online identifiers, information about the device and browser, page views, referrers, interactions and conversion data may be processed in particular. Recipients are in particular Google Ireland Limited and Meta Platforms Ireland Limited. The storage period depends on the settings configured by us in the services used.
To protect our forms, we use a self-hosted ALTCHA challenge. In this context, challenge and verification data is processed. In addition, we process the IP address and time of the request for form submissions in order to enforce rate limits and prevent automated misuse.
The legal basis is Art. 6(1)(f) GDPR. This data is stored only for as long as necessary for the respective security and abuse checks.
If you contact us via the contact form, we process the data you provide in the form. This includes your name, email address, optional phone number, subject and message. The processing is carried out in order to handle your request and, where applicable, to take pre-contractual steps.
The legal basis is Art. 6(1)(b) GDPR insofar as your request relates to a contract or booking, otherwise Art. 6(1)(f) GDPR. Providing your data is voluntary; however, without the mandatory information we cannot process your request. We store your data only for as long as necessary to handle your request or as required by statutory retention obligations or the assertion or defence of legal claims.
We use Mailjet as our email service provider for the technical delivery and forwarding of contact requests. In addition to us, Mailjet SAS is therefore also a recipient of the data you enter in the contact form.
If you subscribe to our newsletter, we process your email address as well as your optional first and last name. To confirm your subscription in a legally compliant way, we use a double opt-in procedure. In this context, we also process the time of registration, IP address, the content of your consent declaration and the time of confirmation.
The legal basis is Art. 6(1)(a) GDPR. The recipient is Mailjet SAS as our email delivery and list management service provider. Providing your data is voluntary; however, registration is not possible without an email address. We store newsletter data until you unsubscribe or withdraw your consent. Proof data regarding the consent you have given is stored for as long as required to demonstrate lawful registration and to assert or defend claims.
If you join the waiting list for a sold-out event, we process your email address and the identifier of the relevant event. This also includes security data from the CAPTCHA check and abuse-prevention measures.
The processing is carried out to record and manage your waiting-list request and, if places become available, to contact you. The legal basis is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR. The data is deleted once the purpose no longer applies and no statutory retention requirements prevent deletion.
We use Pretix infrastructure for bookings. During the checkout process, data such as your email address, selected products and positions, invoice data, payment information, order comments and technical status data may be processed in particular. The recipient is pretix GmbH, Heidelberg, as the ticketing and checkout service provider.
The processing is carried out in order to perform the booking and execute the contract on the basis of Art. 6(1)(b) GDPR. Providing the data required for the booking is contractually necessary; without this information, a booking cannot be completed. The storage period depends on the contract execution and on statutory retention periods, in particular under commercial and tax law.
Payment is currently made exclusively by bank transfer directly to us. No external payment service providers are integrated into the Pretix checkout.
We use service providers for hosting, infrastructure, email delivery, ticketing and, subject to your consent, analytics and marketing. Insofar as data is transferred to countries outside the EU or EEA, or access from such countries cannot be ruled out, we rely – depending on the recipient – on the adequacy decision for the EU-US Data Privacy Framework or on appropriate safeguards such as standard contractual clauses. According to the provider, Mailjet processes data primarily within the EU.
Recipients include in particular Google Ireland Limited, Meta Platforms Ireland Limited, Mailjet SAS, pretix GmbH, and our infrastructure service providers Vercel, fly.io, bunny.net and Cloudflare. Insofar as transfers to third countries occur in this context, or access from such countries cannot be ruled out, this takes place on the basis of the applicable data protection transfer mechanisms in each case.
You can withdraw any consent you have given at any time with effect for the future or adjust your choices using the cookie settings:
Within the limits of the statutory provisions, you have in particular the right to obtain access to the data stored about you, to have inaccurate data rectified, to request erasure, restriction of processing and data portability, and to object to processing based on Art. 6(1)(f) GDPR.
If processing is based on your consent, you can withdraw that consent at any time with effect for the future. The lawfulness of the processing carried out before the withdrawal remains unaffected.
You also have the right to lodge a complaint with a data protection supervisory authority. For private companies in Bavaria, the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany, is competent in particular. Further information is available at https://www.lda.bayern.de/.
We do not carry out solely automated decision-making, including profiling, within the meaning of Art. 22 GDPR.
If you have any questions about data protection, you can reach us at: hello@gt-days.com